Me stupid: lost password for gpg

Russell Coker russell at coker.com.au
Tue Dec 28 19:58:48 UTC 2004


On Tuesday 28 December 2004 19:25, Hans de Goede <j.w.r.degoede at hhs.nl> wrote:
> > The program could try over 600 combinations a second on a 2-3yo Athlon
> > giving almost 5 digits tested per day if you only use lower-case and
> > digits.  This means that a pass-phrase of 6 characters comprising
> > lower-case and digits could be reliably cracked in just over a month.  7
> > characters could be done in 3 years with an old Athlon or maybe some
> > reasonable amount of time in a dual-Opteron.  8 or more characters would
> > require a large network of machines.
> >
> > Let me know if you want a copy of my code, but be warned, it's really
> > ugly. Also it might be possible to optimise things and maybe double the
> > speed if you can figure out GPG memory management (I can't).
>
> 1) Thanks, but I finally remembered my password
> 2) This is worrisome, so a passphrase really should be 8 chars minimal?

Given that anyone can crack 6 characters, 7 characters could be cracked easily
by hardware that will be cheap in a few years, and 8 can be easily cracked
with a network of machines, I think that you need at least 10 characters for
the pass-phrase to be worth much.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
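
Added example, not part of the original message and not the cracking program mentioned in the thread: a passphrase-length estimator built on the thread's figures (600 guesses per second, lower-case letters plus digits). The fleet size, the time horizon and the assumption that every character is chosen uniformly at random are assumptions of this sketch.

```python
import math

ALPHABET = 36              # lower-case letters plus digits, as in the thread
RATE = 600                 # guesses per second per machine, as quoted in the thread
SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passphrases of exactly `length` characters."""
    return alphabet ** length


def exhaust_days(alphabet: int, length: int, rate: float, machines: int = 1) -> float:
    """Days needed to try every candidate of this length (worst case)."""
    return keyspace(alphabet, length) / (rate * machines) / SECONDS_PER_DAY


def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random passphrase; human-chosen ones have less."""
    return length * math.log2(alphabet)


def min_length(alphabet: int, rate: float, machines: int, years: float) -> int:
    """Shortest length whose average-case search (half the keyspace)
    does not fit in the guess budget of `machines` running for `years`."""
    budget = rate * machines * years * SECONDS_PER_YEAR
    length = 1
    while keyspace(alphabet, length) / 2 <= budget:
        length += 1
    return length


if __name__ == "__main__":
    print("len  bits   worst-case days on one machine")
    for n in range(5, 11):
        print(f"{n:>3}  {entropy_bits(ALPHABET, n):5.1f}  "
              f"{exhaust_days(ALPHABET, n, RATE):,.1f}")
    # Hypothetical fleet: 1000 machines at the thread's rate, for ten years.
    print("minimum length vs. 1000 machines for 10 years:",
          min_length(ALPHABET, RATE, machines=1000, years=10))
```

Each extra character multiplies the search time by the alphabet size, so widening the alphabet or adding length moves the result far more than a faster single machine does.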



